<?php
require_once($_SERVER['DOCUMENT_ROOT'] . '/all.conf.php');
require_once(__PHY_LIB.'/class/FnOrder.class.php');

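// PayPal IPN (Instant Payment Notification) listener.
//
// Flow: the received POST is echoed back to PayPal prefixed with
// cmd=_notify-validate; PayPal answers VERIFIED or INVALID. Only a VERIFIED
// message whose payment_status is "Completed" may move the order named in
// `invoice` from 'unpaid' to 'paid'.
//
// Trust model: every $_POST field is attacker-controllable until PayPal has
// answered VERIFIED. VERIFIED only proves that PayPal really sent this exact
// message; it says nothing about who was paid, how much, or in which currency.

// IPN fields are flat strings. An array-valued parameter (e.g. "invoice[]=1")
// cannot come from PayPal and would break urlencode() and the string
// comparisons below, so such a request is never sent for validation.
$bWellFormed = true;
foreach ($_POST as $value) {
	if (!is_string($value)) {
		$bWellFormed = false;
		break;
	}
}

// Magic quotes exist only before PHP 5.4. Stripping slashes on a runtime
// without them would alter values containing a backslash, and PayPal would
// then answer INVALID for a genuine notification.
$bStripSlashes = function_exists('get_magic_quotes_gpc')
	&& version_compare(PHP_VERSION, '5.4.0', '<')
	&& get_magic_quotes_gpc();

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
if ($bWellFormed) {
	foreach ($_POST as $key => $value) {
		if ($bStripSlashes) {
			$value = stripslashes($value);
		}
		// The key is encoded as well, so a crafted parameter name cannot
		// inject extra fields into the validation request.
		$req .= '&' . urlencode((string) $key) . '=' . urlencode($value);
	}
}

// post back to PayPal system to validate
// HTTP/1.1 makes the Host header mandatory; "Connection: close" lets the read
// loop below end at EOF instead of waiting on a kept-alive socket.
// NOTE(review): confirm the validation host and protocol requirements against
// PayPal's current IPN documentation.
$header  = "POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "Host: www.paypal.com\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n";
$header .= "Connection: close\r\n\r\n";

// assign posted variables to local variables (missing or non-string fields
// become '' instead of raising an undefined-index notice)
$rIpn = array();
foreach (array('item_name', 'item_number', 'payment_status', 'mc_gross', 'mc_currency',
	'txn_id', 'receiver_email', 'payer_email', 'invoice', 'memo') as $sField) {
	$rIpn[$sField] = (isset($_POST[$sField]) && is_string($_POST[$sField])) ? $_POST[$sField] : '';
}
$item_name        = $rIpn['item_name'];
$item_number      = $rIpn['item_number'];
$payment_status   = $rIpn['payment_status'];
$payment_amount   = $rIpn['mc_gross'];
$payment_currency = $rIpn['mc_currency'];
$txn_id           = $rIpn['txn_id'];
$receiver_email   = $rIpn['receiver_email'];
$payer_email      = $rIpn['payer_email'];
$order_sn         = $rIpn['invoice'];
// The label was a bare word in the original; it is now a quoted string
// literal so it no longer depends on undefined-constant fallback.
$action_note      = $txn_id . '（paypal交易号）' . $rIpn['memo'];
// Set only after $req has been built, so it is not part of the data PayPal
// validates; it is recorded with the change log further down.
$_POST['payment_method'] = 'paypal';

// Ask PayPal for its verdict.
// NOTE(review): ssl:// streams verify the peer certificate and host name by
// default from PHP 5.6 on; on an older runtime the answer read here is not
// authenticated.
$sVerdict = '';
if ($bWellFormed) {
	$fp = fsockopen('ssl://www.paypal.com', 443, $errno, $errstr, 30);
	if (is_resource($fp)) {
		stream_set_timeout($fp, 30);
		fwrite($fp, $header . $req);
		$bInBody = false;
		while (!feof($fp)) {
			$res = fgets($fp, 1024);
			if (false === $res) {
				// Read error or timeout: stop instead of spinning on a
				// socket that never reaches EOF.
				break;
			}
			$res = trim($res);
			if (!$bInBody) {
				// Skip the response headers; the verdict is in the body.
				if ('' === $res) {
					$bInBody = true;
				}
				continue;
			}
			if ('VERIFIED' === $res || 'INVALID' === $res) {
				$sVerdict = $res;
				break;
			}
		}
		// Closed on every path, including "no verdict found".
		fclose($fp);
	}
	else {
		error_log('PayPal IPN: cannot reach validation endpoint (' . $errno . ') ' . $errstr);
	}
}

$nPaidOrderID = 0;
if ('VERIFIED' === $sVerdict) {
	// check the payment_status is Completed
	// The invoice value is passed to Order and echoed into the page, so only
	// a plain decimal order number is accepted.
	if ('Completed' === $payment_status && preg_match('/^[0-9]{1,18}\z/', $order_sn)) {
		$nPaidOrderID = $order_sn; // return the order number
	}
}
elseif ('INVALID' === $sVerdict) {
	// log for manual investigation (fixed text only; no request data is
	// written to the log)
	error_log('PayPal IPN: validation answered INVALID');
}

if (0 < $nPaidOrderID) {
	$oOrder = new Order($nPaidOrderID);
	// NOTE(review): before an order is marked paid, a listener must also
	// confirm that (1) receiver_email is this shop's own PayPal account and
	// (2) mc_gross / mc_currency equal the total and currency stored for the
	// order. Neither check is made here, and the merchant address and the
	// order's amount fields are not visible in this file. Until they are
	// added, a genuine PayPal payment of any amount, to any account, that
	// carries this invoice number marks the order as paid.
	// The 'unpaid' test makes a repeated notification for an order that has
	// already been processed a no-op.
	if (0 < $oOrder->getID() && 'unpaid' == $oOrder->get('status')) {
		$oOrder->set('status', 'paid');
		$oOrder->update();
		$oOrder->reduceStockLock();
		// order change log: the full notification is stored with the order
		$rParam = $_POST;
		$oOrder->addChangelog('prepay', $rParam);
		echo 'You have paid for order, id='.$nPaidOrderID;
	}
	else {
		echo 'Please wait until We know you have paid for order, id='.$nPaidOrderID.'. <a href="javascript:location.reload();void(0);">refresh</a>';
	}
}
else {
	echo 'failed to varify.';
}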
?>
